Tougher Security Planned for Internet Explorer 8

In the wake of a report suggesting that IE was the least secure Web browser, Redmond on Wednesday touted the security features expected to appear in IE 8.

In the wake of a report suggesting that Microsoft's Internet Explorer was the least secure of all leading Web browsers, Redmond on Wednesday touted the security features expected to appear in IE 8. The company is promising nothing less than "comprehensive protection" with IE 8's new features.

IE 8's upcoming bells and whistles were described by Eric Lawrence, Microsoft's security program manager for IE, in a blog post. The browser is currently available to the public only in beta test form.

New security functions in IE 8 include the blocking of code that exploits cross-site-scripting (XSS) vulnerabilities, plus local browser defense functions and upload controls for streamed data. IE 8 will also include translation functions to help users stay safe as they input and output data on social networking sites.

The flagship feature will be the deflection of XSS vulnerabilities. Such exploits typically take advantage of holes in Web applications to siphon out search or surf history by swiping info on cookies and other data. Such stolen info can then be used to visit sites where passwords may have been saved at logon interfaces. It can also be used to vandalize, change or delete critical data on a workstation or network.

In the blog, Microsoft's Lawrence wrote that "Preventing XSS on the server-side is much easier that catching it at the browser…[you] simply never trust user input. Most web platform technologies offer one or more sanitization technologies -- developers using ASP.NET should consider using the Microsoft Anti-Cross Site Scripting Library."

Local browser defense functions in IE 8 will be able to contain threats to an application running on an individual workstation. It will stop hackers on a local machine before they branch out onto the network. This fix is crucial, considering the rise in attacks that can give a hacker network access through just one PC in an enterprise environment.

A SmartScreen Filter feature in IE 8 will serve as an upload control, tagging suspicious activity on sites known for attacks. It will display a big warning over a red background before the page even loads. The user will have the option to either "disregard" or "continue" visiting the site.

One of the more basic yet prominent features in IE 8 will be domain highlighting. The browser will automatically highlight what it considers to be the owning domain of the site visited, with the highlight appearing in the browser's address bar. Redmond contends this function will help prevent attacks where the interfaces and graphic presentation of trusted Web Sites are co-opted for fake sites.

As Redmond points out, the domain highlighting function "helps users identify the real site they're on when a website attempts to deceive them."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

  • How To Dynamically Lock Down an Unattended Windows 10 PC

    One of the biggest security risks in any organization happens when a user walks away from their PC without logging out. Microsoft has the solution (and it's not a password-protected screensaver).

  • First Stable Chromium-Based Microsoft Edge Browser Released

    Microsoft on Wednesday announced the first release of its Chromium-based Microsoft Edge browser at the "stable" commercial-release stage.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.